ABSTRACT



An article of manufacture for effecting secure communica- 
tions during a communications session between users in a 
secured communication cryptosystem in which users are 
each associated with a public crypto-key and a private
crypto-key, includes computer readable storage medium 
having computer programming stored thereon. The stored 
computer programming is configured to be readable from 
the computer readable storage medium by a computer and 
thereby cause the computer to operate so as to generate a 
private crypto-key using a private exponent and a modulus 
N, which is the product of a plurality of numbers within a set 
of large prime numbers. The generated private crypto-key is 
divided into a private user key portion having a first bit 
length and a central authority key portion having a second 
bit length. The first bit length is smaller than the second bit 
length, and is no larger than fifteen percent of the bit length 
of the modulus N but no less than 56 bits. The private user 
key portion is directed only to a single user of the crypto- 
system and the central authority's portion is directed to a 
central storage device. 

22 Claims, 9 Drawing Sheets 
COMPUTER SYSTEM FOR CENTRALIZED
SESSION KEY DISTRIBUTION, PRIVACY
ENHANCED MESSAGING AND
INFORMATION DISTRIBUTION USING A
SPLIT PRIVATE KEY PUBLIC
CRYPTOSYSTEM

RELATED APPLICATION 

This application is a continuation-in-part of application 
Ser. No. 08/277376 filed Jul. 18, 1994, now U.S. Pat. No.
5,557,678. 

BACKGROUND OF INVENTION 

1. Field of the Invention 

This invention relates to split private key cryptosystems.
More particularly, the present invention relates to a
programmed computer and computer programming for session
key distribution, privacy enhanced messaging and
information distribution using a split private key cryptosystem.

2. Description of the Related Art

Cryptosystems have been developed for maintaining the 
privacy of information transmitted across a communications 
channel. Typically, a symmetric cryptosystem is used for this 
purpose. Symmetric cryptosystems, which utilize electronic 
keys, can be likened to a physical security system where a 
box has a single locking mechanism with a single key hole. 
One key holder uses his/her key to open the box, place a 
message in the box and relock the box. Only a second holder 
of the identical copy of the key can unlock the box and 
retrieve the message. The term symmetric reflects the fact 
that both users must have identical keys. 

In more technical terms, a symmetric cryptosystem
consists of an encryption function E, a decryption function D,
and a shared secret-key, K. The key is a unique string of data
bits to which the functions are applied. Two examples of
encipherment/decipherment functions are the National
Bureau of Standards Data Encryption Standard (DES) and
the more recent Fast Encipherment Algorithm (FEAL). To
transmit a message, M, in privacy, the sender computes
$C = E(M, K)$, where C is referred to as the ciphertext. Upon
receipt of C, the recipient computes $M = D(C, K)$, to recover the
message M. An eavesdropper who copies C, but does not 
know K, will find it practically impossible to recover M. 
Typically, all details of the enciphering and deciphering 
functions, E and D, are well known, and the security of the 
system depends solely on maintaining the secrecy of key, K. 
Conventional symmetric cryptosystems are fairly efficient 
and can be used for encryption at fairly high data rates, 
especially if appropriate hardware implementations are 
used. 

Asymmetric cryptosystems, often referred to as public 
key cryptosystems, provide another means of encrypting 
information. Such systems differ from symmetric systems in 
that, in terms of physical analogue, the box has one lock with 
two non-identical keys associated with it. Either key can be 
used to unlock the box to retrieve a message which has been 
locked in the box by the other key. 

In public key electronic cryptosystems, each entity has a
private key, d, which is known only to the entity, and a 
public key, e, which is publicly known. Once a message is 
encrypted with a user's public-key, it can only be decrypted 
using that user's private-key, and conversely, if a message is 
encrypted with a user's private-key, it can only be decrypted 
using that user's public-key. It will be understood by those 
familiar with the art that although the terms "encrypt" and 
"decrypt" and derivations thereof are used herein in
describing the use of public and private keys in an asymmetric
public key cryptosystem, the term "transform" is commonly
used in the art interchangeably with the term "encrypt" and
the term "invert" is commonly used in the art
interchangeably with the term "decrypt". Accordingly, as used herein in
describing the use of public and private keys, the term 
"transform" could be substituted for the term "encrypt" and 
the term "invert" could be substituted for the term "decrypt". 

If sender x wishes to send a message to receiver y, then
x "looks-up" y's public key $e_y$, and computes $C = E(M, e_y)$ and
sends it to y. User y can recover M using its private-key $d_y$,
by computing $M = D(C, d_y)$. An adversary who makes a copy
of C, but does not have $d_y$, cannot recover M. However,
public-key cryptosystems are inefficient for large messages.

Public-key cryptosystems are quite useful for digital
signatures. The signer, x, computes $S = E(M, d_x)$ and sends
[M,S] to y. User y "looks-up" x's public-key $e_x$, and then
checks to see if $M = D(S, e_x)$. If it does, then y can be
confident that x signed the message, since computing S, such
that $M = D(S, e_x)$, requires knowledge of $d_x$, x's private key,
which only x knows.

Public-key cryptography also provides a convenient way
of performing session key exchange, after which the key that
was exchanged can be used for encrypting messages during
the course of a particular communications session and then
destroyed, though this can vary depending on the
application.

One public key cryptographic system is the Rivest,
Shamir, Adleman (RSA) system, as described in Rivest,
Shamir and Adleman, "A Method of Obtaining Digital
Signatures and Public Key Cryptosystems", CACM, Vol 21,
pp 120-126, February 1978. RSA is a public-key based
cryptosystem that is believed to be very difficult to break. In
the RSA system the pair $(e_i, N_i)$ is user i's public-key and $d_i$
is the user's private key. Here $N_i = pq$, where p and q are large
primes. Here also $e_i d_i \equiv 1 \bmod \phi(N_i)$, where
$\phi(N_i) = (p-1)(q-1)$, which is the Euler Totient function
which returns the number of positive numbers less than $N_i$
that are relatively prime to $N_i$. A Carmichael function is
sometimes used in lieu of a Euler Totient function.

To encrypt a message being sent to user j, user i will
compute $C = M^{e_j} \bmod N_j$ and send C to user j. User j can then
perform $M = C^{d_j} \bmod N_j$ to recover M. User i could also send
the message using his signature. The RSA based signature of
user i on the message, M, is $M^{d_i} \bmod N_i$. The recipient of the
message, user j, can perform $(M^{d_i} \bmod N_i)^{e_i} \bmod N_i$, to verify
the signature of i on M.

In a typical mode of operation, i sends j, $M^{d_i} \bmod N_i$ along
with M and a certificate $C = (e_i, N_i)^{d_{CA}} \bmod N_{CA}$, where C
is generated by a Certificate Authority (CA) which serves as
a trusted off-line intermediary. User j can recover i's public
key from C, by performing $C^{e_{CA}} \bmod N_{CA}$, as $e_{CA}$ and
$N_{CA}$ are universally known. It should also be noted that in an RSA
system the encryption and signatures can be combined.

Modifications to RSA systems have been proposed to
enable multi-signatures to be implemented. Such an
approach is described in Digital Multisignature, C. Boyd,
Proceedings of the Inst. of Math. and its Appl. on
Cryptography and Coding, 15-17 Dec. 1986. The proposed approach
extends the RSA system by dividing or splitting the user
private key d into two portions, say $d_i$ and $d_j$, where
$d_i \cdot d_j = d$.
Recently an improved system and method for split key
public encryption has been disclosed using a split private
key, see U.S. patent application Ser. No. 08/277,808 filed on
Jul. 20, 1994 for Y. Yacobi and R. Ganesan entitled "A
System and Method for Identity Verification, Forming Joint
Signatures and Session Key Agreement in an RSA Public
Cryptosystem". The described system and method allow
two system users to verify each other's identity, form a joint
signature and establish and distribute a session key in an
RSA environment.

The system and method developed by Yacobi and Ganesan
provides significant benefits where no intermediary
between the users needs to be empowered with the ability to
eavesdrop on encrypted communications. However, in
practical systems, it is often desirable or required, for reasons
other than security, that an intermediary with such power be
placed between the users. Such an intermediary can provide
a central point of audit and service cancellation, as well as
other benefits. For example, public subscription systems,
such as public electronic mail systems, will normally have
a central intermediary empowered to monitor the access of
a subscriber and terminate access should a subscriber fail to
pay his monthly access fee. However, those conventional
systems lack the capability to easily and promptly authorize
a user's access to the system and distribute a session key or
implement lawful wiretaps, privacy enhanced messaging
and secure message distribution.

Therefore, it is an object of the invention to provide a
programmed computer and computer programming which
facilitates confirmation of a user's authorized access to
another user of the system by a central intermediary each
time a communication is initiated using split private key
public encryption.

It is a still further object of the present invention to
provide a programmed computer and computer programming
which facilitates distribution of session keys through a
central intermediary using split private key public
encryption.

It is also an object of the invention to provide a
programmed computer and computer programming for session
key distribution by a central intermediary using split private
key encryption which facilitates the authorization and
implementation of lawful wiretaps, privacy enhanced messaging
and secure message distribution.

Additional objects, advantages and novel features of the
present invention will become apparent to those skilled in
the art from the following detailed description, as well as by
practice of the invention. While the invention is described
below with reference to preferred embodiments, it should be
understood that the invention is not limited thereto. Those of
ordinary skill in the art having access to the teachings herein
will recognize additional applications, modifications and
embodiments in other fields which are within the scope of
the invention as disclosed and claimed herein and with
respect to which the invention could be of significant utility.

SUMMARY OF THE INVENTION

The present invention provides an improved method and
system using a split key public cryptosystem.

In accordance with one aspect of the invention, a first and
second user private encryption key and a corresponding first
and second user public encryption key for a respective first
and second user of a split key public cryptosystem are
generated. The private encryption keys are divided into first
and second user key portions and corresponding first and
second central authority key portions. The first and second
user key portions are respectively disclosed to the first and
second users. The central authority key portions and public
encryption keys are disclosed to a central authority.

After receiving a request from either of the users to
establish a communications session with the other user, the
central authority generates a session key. The key is
encrypted separately with (i) the first central authority key
portion and corresponding public encryption key to form a
first encrypted session key and (ii) with the second central
authority key portion and corresponding public encryption
key to form a second encrypted session key. The first and
second encrypted session keys are respectively disclosed to
the first and second users. The first user decrypts the session
key by applying the first user key portion to the first
encrypted session key. The second user decrypts the session
key by applying the second user key portion to the second
encrypted session key. Messages exchanged between the
first and second users during a communications session are
encrypted/decrypted by applying the session key to the
message.

According to another aspect of the invention, which could
be useful for legal wiretaps, one or more of the users, for
example the Federal Bureau of Investigation (FBI) and/or
the Department of Justice, generate a first message(s), such
as a request for a session key provided to two other users.
The message is encrypted with both the Justice
Department's and the FBI's user key portions. The central authority
decrypts the message by applying the central authority key
portions and the first and second public encryption keys to
the message corresponding to the Justice Department's and
FBI's user key portions. Assuming proper decryption
verifies that the wiretap is properly authorized, the central
authority generates a reply message. The reply message
may, for example, include a session encryption key which
has been previously provided by the central authority to the
other system users. The reply message is encrypted with the
central authority key portions and the public encryption key
portions corresponding to the Justice Department's and the
FBI's user key portions. The Justice Department and FBI
decrypt the reply message by applying their respective user
key portions to the encrypted reply message. Thus the FBI
and/or Justice Department now have the session key being
used by the other users to encrypt and decrypt their
communications.

The central authority can also generate another user
private encryption key and corresponding public encryption
key, for example, for the switch which establishes and
controls communication links between other users. This
private encryption key is likewise divided into a user key
portion and a corresponding central authority key portion.
The user key portion is provided to the switch. The central
authority key portion and the user public encryption keys are
retained by the central authority.

The central authority can now generate a message
directing the switch to establish the wiretap, perhaps by copying
and/or transmitting to the FBI the communications for which
the wiretap has been authorized. This message is encrypted
with the central authority key and public encryption key
corresponding to the switch's user key portion. The switch
decrypts the message by applying its user key portion to the
encrypted message. If the message is properly decrypted, the
switch knows the message came from the central authority
and, in response to the message, copies and/or transmits the
communications to the F.B.I. and/or Justice Department.
The F.B.I. and/or Justice Department can decrypt the
intercepted communications using the session key which was
previously provided by the central authority.

According to still another aspect of the invention which
can be applied to privacy enhanced messaging (PEM), a first
user generates a message which is subjected to a hash
function to form a hash message. The hash message is
encrypted with the first user key portion. The central
authority further encrypts the encrypted hash message by applying
the first central authority key portion to the encrypted hash
message to form a fully encrypted hash message. A second
user applies the first user's public key portion to decrypt the
fully encrypted hash message.

In accordance with a still other aspect of the invention
relating to message distribution, which is particularly
suitable for video distribution, although not limited thereto, a
video, is encrypted with a message encryption key to form
an encrypted video. The message encryption key is
preferably a symmetric encryption key. Upon receipt of a user
request to view the video, the central authority generates a
session key as described previously. The message encryption
key is encrypted with the session key to form an encrypted
message encryption key. The central authority further
encrypts the encrypted video with the requesting user's
central authority key portion and public encryption key to
form a fully encrypted video. The requesting user applies the
session key to decrypt the encrypted message encryption
key. The requesting user can then apply the decrypted
message encryption key and his/her user key portion to
decrypt the fully encrypted video.

The system according to the present invention includes
means, preferably a central security processor, for
generating a first and second user private encryption key and a
corresponding first and second user public encryption key
for respective first and second users of the system. The
security processor or other suitable means divide each of the
user private encryption keys into a user key portion and a
corresponding central authority key portion. Modems,
interfaces and other communication devices may also be
provided for respectively conveying the first and second user
key portions to the first and second users.

The central authority key portions and user public
encryption keys are preferably stored on a central storage device
such as a central security server. The central security
processor and server are preferably located in a secured area and
linked with system users by a communications network such
as a small local area network, wide area network or public
telephone network, or the INTERNET or any combination
thereof.

A request of a first user to establish a communications
session with a second user is transmitted, by a suitable
transmission device, to the central authority, who is represented
on the system by the central security processor. The system
could be implemented as part of an advanced intelligent
network (AIN), in which case the request would be directed
to the security processor by the AIN processor. Upon
receiving the request, the central processor generates a session
encryption key, which is typically a symmetric encryption
key. The central processor then encrypts the session key
separately with the first central authority key portion and
corresponding user public encryption key to form a first
encrypted session key and with the second central authority
key portion and corresponding public encryption key to
form a second encrypted session key. The private key
portions and public keys are retrieved by the central
processor from the central server prior to encrypting the session
key.

The system has modems, interfaces and other means to
respectively transmit the first and second encrypted session
keys to the first and second users. These users are normally
represented within the system by user stations. The first
user's station receives the first encrypted session key and
second user's station receives the second encrypted session
key. Each user station preferably has a processor capable of
decrypting the encrypted session key by applying the first or
second user key portion, as applicable, to the received
encrypted session key. The user station processors then
apply the session key to encrypt and decrypt messages,
which may be in the form of analog or digital voice, audio,
video or data signals, transmitted, via the communications
network, between the first and said second users.

In another embodiment, the system also includes one or
more user stations or other means for [illegible] with the
first and second user key portions. The encrypted
message is transmitted via the communications network to
the central security processor. After receiving the encrypted
message the central processor decrypts the message by
retrieving from storage and applying the first and second
central authority key portions and corresponding public
encryption keys to the message. The processor then
generates another message encrypted with the first and second
central authority key portions and the corresponding public
encryption key portions. This other encrypted message is
transmitted via the communications network and received,
for example, by a user station and decrypted by the station
processor by applying the first and second user key portions
to the encrypted message. If, for example the system is being
used for a legal wiretap, the later encrypted message could
be a [illegible] for encrypting and decrypting messages
exchanged during a communications session between users
of the system other than the first and second users.

A typical system also includes at least one switch or
other similar central device for establishing communications
links between system users who desire to have a
communications session. In one system embodiment, the central
processor has the capability to generate a user
private encryption key and a corresponding user public
encryption key for the switch and divides the user private
encryption key into a user key portion and a corresponding
central authority key portion. The user key portion may be
stored on a switch processor, if desired. The central authority
key portion and corresponding user public encryption key
are preferably stored on the central security server.

Should, for example, a legal wiretap be authorized, the
central security processor, in another embodiment, is
capable of generating a message, and encrypting it with the
central authority key and third user public encryption key
corresponding to the switch's user key portion. The message
could, for example, direct the switch to establish the tap. The
encrypted message can be transmitted via the
communications network, and received by the switch processor. The
switch processor decrypts the encrypted message by
application of the switch's user key portion. In accordance with
the decrypted message the switch is reconfigured to copy or
transmit encrypted messages between certain system users
to the station or stations of the users who had obtained the
wiretap authorization.

In another embodiment, the system incorporates means,
preferably implemented within the user stations, for
generating a hash message by applying a hash function to a
message which will be communicated over the system. The
user station encrypts the hash message with, for example,
the user key portion of a first user. The encrypted hash
message is transmitted, via the communications network,
and received by the central security processor. The central
security processor further encrypts the encrypted hash
message with the central authority key portion for the first user
to form a fully encrypted hash message. The fully encrypted
hash message is transmitted via the network to another user
station. After receipt, the recipient user station decrypts the
message by applying the first user's public encryption key to
the fully encrypted hash message.

In yet another embodiment which is particularly suitable
for data or video distribution, the system also includes 
means, which could be the central security processor or 
preferably a separate processing unit, for encrypting a 
message, e.g. a compressed audio/video signal representing 
a video film, with a message encryption key to form an 
encrypted video. The message encryption key is preferably 
only known to the video owner or distributor. The encrypted 
video is stored in, for example, the central security server or 
another system server. After receipt of a request from a 
system user to view the video, and authorization from the 
video distributor, a session key is provided to the requester 
and the distributor as described above. 

The distributor, using a user station, encrypts the message 
encryption key with the session key to form an encrypted 
message encryption key and transmits the encrypted key to 
the requester's station via the system's communications 
network. The requester's station decrypts the message 
encryption key using the session key. The central security 
processor retrieves the encrypted video from the central 
server and transmits the encrypted video to the requester's 
station. The requester's station receives the encrypted video 
and decrypts it by applying the decrypted message encryp- 
tion key to the encrypted video. 

In accordance with still other aspects of the invention the 
user key portions each have a bit length which is smaller 
than the bit length of the corresponding central authority key 
portion. It is preferred that the bit length of each user key 
portion which must be memorized or stored in a battery 
powered device, such as a cellular phone or personal com- 
munications device, is between 56 and 72 bits. The user 
private encryption key may be comprised of a private 
exponent and a modulus N which is a product of a plurality 
of numbers within a set of large secret prime numbers. In 
such cases the user public encryption key is comprised of a 
public exponent and the modulus N. It is also preferred that 
the bit length of each user key portion be no larger than 
fifteen percent of the bit length of the corresponding modu- 
lus N but no less than 56 bits. 

Each user station and server, and the central authority 
processor/server will typically be represented by a computer 
which is driven by programming instructions stored on an 
associated computer readable storage medium to operate in 
the described manner. The computer could be a personal 
computer, work station, mini-computer, main frame com- 
puter or any other computing device with sufficient power to 
perform in accordance with the invention. The computer 
readable storage could be a hard or floppy disk, CD, ROM, 
RAM, DRAM, SRAM, EPROM or other memory device, 
including electrical, magnetic and optical memory. Storage 
media associated with each user station or server may be 
adapted to store a private key portion of the user crypto-key. 
Storage media associated with the central authority server 
will typically store the central authority private key portion 
and/or the public crypto-key of each user's crypto-key. 

The present invention is described such that the public 
crypto-key is used for particular encryption or decryption 
functions and in combination with a particular portion of the 
corresponding private crypto-key. However, it will be under- 
stood by those skilled in the art that the public crypto-key 
could equivalently be used in the reciprocal functions (i.e. 
for decryption rather than encryption and vice versa) and 
with the other portion of the corresponding private crypto- 
key from those described. 

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates a system in accordance with the present
invention.

FIG. 2 illustrates session key distribution in accordance
with the present invention.

FIG. 3 illustrates wiretap authorization and
implementation in accordance with the present invention.

FIG. 4 illustrates privacy enhanced messaging (PEM) in
accordance with the present invention.

FIG. 5 illustrates video distribution in accordance with the
present invention.

FIG. 6 depicts a computer suitable for use as a central
authority processor/server depicted in FIG. 1.

FIG. 7 is an exemplary block diagram of the computer
depicted in FIG. 6.

FIG. 8 depicts a computer suitable for use as the user
stations or servers depicted in FIG. 1.

FIG. 9 is an exemplary block diagram of the computer
depicted in FIG. 8.

FIG. 10 depicts a computer suitable for use as the switch
depicted in FIG. 1.

FIG. 11 is an exemplary block diagram of the computer
depicted in FIG. 10.

FIG. 12 depicts a computer suitable for use as the video
distributor's user station described in FIG. 5.

FIG. 13 is an exemplary block diagram of the computer
depicted in FIG. 12.

PREFERRED EMBODIMENT OF THE 
INVENTION 

The present invention provides a system and method for
improving conventional cryptosystems using a joint
signature protocol in which two (or more) parties must
collaborate in order to compute the digital signature. No single party
can compute such a signature independently.

FIG. 1 schematically illustrates a distributed public
cryptosystem 10 in accordance with the present invention. The
distributed system 10 includes a communications network
12 which includes a switch 70 for establishing
communication links between system users. A plurality of user stations,
30-40, are connected to a network 12. If, for instance, the
network 12 is a public switched telephone network, the user
stations 30-36 could be connected to network 12 via the
subscriber lines 14. Another group of user stations, 38 and
40, are connected to the network 12 by the local area
network (LAN) 16. The LAN 16 may, for example, be an
Ethernet, token ring network or FDDI network. The LAN 16
is itself connected to the network 12, by a subscriber line 17.
The user stations may be personal computers, work stations,
telephones, personal communication devices, or any other
device capable of inputting messages to and/or receiving
messages from the network 12. The network 12 may be part
of an advanced intelligent network (AIN). If the system is
implemented in an AIN environment, communications
beneficially are directed by one or more AIN processing units.

The distributed system 10 also includes a plurality of
servers, 22-26. The servers illustratively contain databases
which users at the user stations may wish to access. A central
security processor 50 and central security server 60
complete the system.

Referring now to FIG. 2, in step 202 the private
encryption keys and public encryption keys are generated by
central security processor 50 for each user of the system.
Processor 50 then divides the private encryption key into
two portions in step 204. Alternatively, a user might select
a private key portion for his/her own use. Processor 50 could
then generate a second private key portion such that the user
selected and processor generated private key portions can be
joined to form the private encryption key.

Both the private and public encryption keys are typically 
generated using a private exponent and a modulus N which 
is the product of a large number of prime numbers. It is 
preferable that the length of the portion of the divided 
private encryption key which is maintained by the user be 
substantially smaller than the modulus N value. It is further 
preferred that the user portion of the divided private encryp- 
tion key be no larger than 15% of the length of the modulus 
N but not less than 56 bits. If the modulus N is 512 bits in
length and the user portion of the private encryption key
must be memorized by the user or stored in the user's
personal communications device or cellular phone, the
user's portion of the divided private encryption key is
preferably between 56 and 72 bits.

After the private encryption keys have been divided, the 
user's portion can be transmitted by processor 50 via the 
public switch network, subscriber lines, LAN, and other 
communications links to the users in step 206. Alternatively, 
if more security is desired, the user private key portions 
could be provided to each user in some other manner in step 
206. The central authority's portion of the private encryption 
key and the public key for each user are stored on central 
security server 60 by processor 50 in step 208. 

In step 210 a request is received from a user using user station 30
to establish a communication session with a user at user station 32.
The request is transmitted via the network to processor 50. In
response to the request, processor 50 generates a session key in step
212. If desired, session keys can be pre-generated and stored on
server 60; however, it is generally preferable to generate session
keys when required. In step 214, processor 50 encrypts the session
key with the central authority's portion of the private encryption
key and associated public encryption key for the users at stations 30
and 32, thereby forming two encrypted session keys. The session key
encrypted with the central authority's portion of the private
encryption key and associated public encryption key for the user at
station 30 is transmitted to station 30. Correspondingly, the session
key which has been encrypted by processor 50 with the central
authority's portion of the station 32 user's private encryption key
and associated public encryption key is transmitted to station 32.

In step 216, the session key transmitted to station 30 is 
decrypted by the station 30 processor by applying that 
portion of the private encryption key which is maintained by 
the station 30 user. Similarly, station 32, using the portion of 
the private encryption key maintained by the station 32 user, 
decrypts the session key transmitted to station 32 by processor 50.
Now that a session key has been distributed,
communications between stations 30 and 32 can be secured. 
Thus, in step 218 a message is generated on station 30. The 
message is encrypted in step 220 by the station 30 processor 
with the session key. The encrypted message is transmitted 
via the network to station 32 and decrypted by the station 32 
processor using the session key received by station 32. 

FIG. 3 sets forth the preferred steps, should a wiretap be
authorized, to intercept and eavesdrop on the communications between
the users of stations 30 and 32. In step 302, a wiretap request is
generated by a user on station 34. The message is encrypted in step
304 with the user's portion of his private encryption key on the
station 34 processor and transmitted via the network to station 36
which is used by an individual required to authorize all wiretaps. If
the user of station 36 is willing to authorize the wiretap, the
message is further encrypted in step 306 by the station 36 user with
his portion of his private encryption key. This jointly encrypted, or
signed, message is transmitted by station 36 via the network to the
central security processor 50. In step 308, the central security
processor decrypts the message by applying the central authority's
portion of the station 34 and 36 users' private encryption keys and
the associated public encryption keys to the message. The keys
applied by processor 50 are retrieved as required from storage on
central security server 60. Processor 50 knows that the wiretap has
been properly authorized if the request for wiretap is properly
decrypted by the application of the stored private encryption key
portions and associated public encryption keys for the station 34 and
36 users, since these users must be known to processor 50 as having
the joint authority to authorize wiretaps.

In step 310, station 50 generates a message containing the session
key which has been provided to user stations 30 and 32. The session
key is encrypted in step 312 with the central authority private
encryption key portions and associated public encryption keys of the
users of stations 34 and 36. The encrypted session key is then sent
via the network to station 36 which applies its user's portion of the
user's private encryption key to the message in step 314. This
partially decrypted session key is transmitted via the network to
station 34 which, in step 316, decrypts the message by applying its
user's portion of the user's private encryption key.

In order to divert the communications between user stations 30 and 32
to station 34, processor 50 also generates a message to the switch 70
in step 318. The switch is treated as any other user of the system
and thus a portion of the switch's private encryption key is
maintained by the switch and the other portion of the switch's
private encryption key and the associated public encryption key are
stored on server 60. In step 320, processor 50 encrypts the message
to the switch by applying the stored portion of the private
encryption key and associated public encryption key for the switch.
This encrypted message is transmitted via the network to the switch
70. Switch 70 decrypts the message by applying, in step 322, the
portion of its private encryption key which it maintains and proceeds
to configure the network in step 324 such that the communications
between stations 30 and 32 are intercepted and diverted to station
34. Since the communications between station 30 and 32 have been
encrypted with the session key which processor 50 has also provided
to station 34, the intercepted communications can be decrypted by
station 34 using the session key. Hence, in step 326 station 34
applies the session key to decrypt the intercepted messages. It
should be noted that using the invention described herein, the
authorized wiretap can be implemented without violating the secrecy
of the user's portion of the private encryption key of those users
whose communications are being intercepted.

FIG. 4 describes the steps implementing privacy enhanced messaging in
accordance with the present invention. In step 402, a message is
generated on station 30. Station 30 is, in accordance with this
embodiment, provided with a hash function. In step 404 the station 30
processor applies the hash function to the generated message to
generate a hash message. The hash message is encrypted in step 406 by
station 30 using the user portion of the user's private encryption
key. In step 408 the message itself is encrypted by station 30 with
the session key which had been distributed to stations 30 and 32 as
described in connection with FIG. 2 above. The encrypted hash message
and message are transmitted via the network to processor 50. In step
410, processor 50 further encrypts the hash message with the stored
portion of the private encryption key for the user of station 30.
This further encrypted hash message along with the encrypted message
are transmitted by processor 50 via the network to station 32. To
decrypt the messages, station 32 applies, in step 412, the public
encryption key to the encrypted hash message and the session key to
the encrypted message.
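The key split of steps 202-204, the session key delivery of steps 212-216 (FIG. 2) and the hash signing of steps 404-412 (FIG. 4) can be exercised end to end in a short script. This is an added example, not code from the patent: the multiplicative split e*d_user*d_ca = 1 mod phi(N), the two-prime modulus, the public exponent 65537, SHA-256 and the unpadded RSA operations are all assumptions, and the symmetric encryption of the message body under the session key is left out.

```python
import hashlib
import math
import secrets

E = 65537  # assumed public exponent; the page does not name one


def is_probable_prime(n, rounds=40):  # Miller-Rabin with random bases
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    """Prime with its top two bits set, so p*q is exactly 2*bits long."""
    while True:
        cand = secrets.randbits(bits) | (3 << (bits - 2)) | 1
        if is_probable_prime(cand):
            return cand


def generate_split_key(modulus_bits=512, user_bits=64):
    """Steps 202-204: RSA key pair, then a split private exponent.

    Assumed split (not stated on the page): e*d_user*d_ca == 1 mod phi(N).
    """
    # The page's preferred window: at least 56 bits, at most 15% of len(N).
    if user_bits < 56 or user_bits * 100 > modulus_bits * 15:
        raise ValueError("user portion outside the 56-bit to 15% window")
    while True:
        p, q = random_prime(modulus_bits // 2), random_prime(modulus_bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(E, phi) == 1:
            break
    d = pow(E, -1, phi)
    while True:  # the short user portion must be invertible mod phi
        d_user = secrets.randbits(user_bits) | (1 << (user_bits - 1)) | 1
        if math.gcd(d_user, phi) == 1:
            break
    d_ca = d * pow(d_user, -1, phi) % phi
    # The second item is the record the central server 60 would store.
    return d_user, {"n": p * q, "e": E, "d_ca": d_ca}


def ca_wrap(value, rec):
    """Step 214: apply the CA portion together with the public exponent."""
    return pow(value, rec["d_ca"] * rec["e"], rec["n"])


def apply_portion(value, portion, n):
    """Steps 216, 406, 410: one party applies only the portion it holds."""
    return pow(value, portion, n)


def digest_int(message):  # SHA-256 as an integer: 256 bits, below a 512-bit N
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def verify(message, signature, n, e):
    """Step 412: the recipient needs nothing beyond the public key."""
    return pow(signature, e, n) == digest_int(message)


def demo():
    d_user, rec = generate_split_key()
    n, e = rec["n"], rec["e"]
    session_key = secrets.randbits(128)                     # step 212
    wrapped = ca_wrap(session_key, rec)                     # step 214
    recovered = apply_portion(wrapped, d_user, n)           # step 216
    msg = b"constructed sample message"
    partial = apply_portion(digest_int(msg), d_user, n)     # step 406
    full = apply_portion(partial, rec["d_ca"], n)           # step 410
    return {
        "modulus_bits": n.bit_length(),
        "user_bits": d_user.bit_length(),
        "session_key_recovered": recovered == session_key,
        "partial_alone_rejected": not verify(msg, partial, n, e),
        "signature_verified": verify(msg, full, n, e),
        "tamper_detected": not verify(msg + b"!", full, n, e),
    }


if __name__ == "__main__":
    print(demo())
```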

Turning now to FIG. 5, message distribution in accordance with the
present invention will be described in the context of a video
distribution system. In step 502 a video distributor acting through
user station 33 encrypts a compressed video signal using a video
encryption key which is preferably maintained with appropriate
security in station 33's memory. The encrypted video is transmitted
via the network to processor 50. This could be accomplished using a
session key established between processor 50 and station 33 if
desired. Processor 50 stores the encrypted video on server 60 in step
504. A user of station 38 generates a request to view the video in
step 506 and transmits the request to processor 50 via network 12.
Pursuant to the request, in step 508, station 50 generates a session
key. The session key is encrypted in step 510 with the central
authority's private encryption key portion and associated public
encryption key for the users of stations 33 and 38 respectively. The
appropriate encrypted session key is transmitted to station 33 and
38. In step 512, station 33 decrypts the session key by applying the
video distributor's retained portion of his private encryption key.
Similarly, the session key is also decrypted by station 38 by
applying the user portion of the private encryption key for the
station 38 user to the encrypted session key received at that
station. In step 514, station 33 encrypts the video encryption key
with the session key and transmits the encrypted video encryption key
to station 38 via the network. Processor 50 retrieves the encrypted
video from storage on server 60 and in step 516 further encrypts the
video with the central authority's private key portion and associated
public encryption key for the user of station 38. The encrypted video
is next transmitted to station 38. In step 518, station 38 decrypts
the video encryption key by applying the session key to the
communication received from the video distributor station 33. Next in
step 520, station 38 decrypts the video by applying the video
encryption key and the user retained portion of the station 38 user's
private encryption key to the encrypted video received from processor
50.

FIGS. 6-13 depict computers suitable for use as the user stations
30-40, the central authority processor/server 50-60 and the data or
budget servers 22-26 and the switch 70 shown in FIG. 1. The computers
are preferably commercially available personal computers or
high-powered work stations. Each computer's processor could, for
example, be a Pentium™ processor. Any commercially available keyboard
and/or mouse and monitor can be utilized. A high-speed network
interface, including a high-speed modem, is preferred although not
mandatory. The depicted configuration of the computers is exemplary.
One or more of the computers could, if desired, also or alternatively
include other components (not shown), such as an optical storage
medium. Any number of configurations could be suitable for
implementing the invention so long as sufficient storage capacity and
processing capability are provided. All of the computers are depicted
as having similar hardware configurations, although this is not
necessarily the case. For example, as will be well understood by the
skilled artisan, it may be desirable for components of the respective
computers to have attributes such as memory storage capacity, data
transmission rates and processing speeds which differ. In this
regard, typically the security, data and budget servers 22-26 and 60
would include a much larger hard drive and a faster processor than
the user stations 30-40.

Each of the computers differs in its respective programming
instructions so that each of the computers is uniquely driven to
operate in accordance with the present invention. That is, the
functionality of each of the computers described with reference to
FIGS. 6-13 varies from that of the other computers due to the
programming instructions which drive its operation. It will be
understood that although FIGS. 6-13 depict computers which appear to
be similar to each other, each of these computers will be driven to
operate as described below by a different set of programming
instructions even though the hardware components may be identical. It
will also be recognized by those skilled in the art that only routine
programming is required to implement the required programming
instructions.

To avoid unnecessary duplication the computers depicted in FIGS. 6-13
will be generally described only with reference to FIGS. 6 and 7. It
should be understood that the corresponding components of the
computers depicted in FIGS. 8-13 will be similar. Further, since the
computer components and configurations are conventional, routine
operations performed by the depicted components will generally not be
described, such operations being well understood in the art.

Preferably, each of the computers initially stores its unique
programming instructions on its ROM or hard disk. The private key
portion of the user's crypto-key which the user retains may, if
desired, be stored in each computer on the hard disk but is
preferably maintained personally by the user in most cases. Session
keys are preferably stored temporarily on the RAM. Additionally, the
programming instructions and other information stored initially on
the ROM or hard disk will typically be downloaded to the RAM during
operation of the computer and accessed during operations directly
from the RAM.

Referring now to FIGS. 6 and 7, the computer 600 
includes a main unit 610 with slots 611, 612 and 613, 
respectively provided for loading programming or data from 
a floppy disc 726a, CD 728a and smart card 729a onto the 
computer 600. The computer 600 also includes a keyboard 
630 and mouse 640 which serve as user input devices. A 
monitor display 620 is also provided to visually communicate
information to the user.

As depicted in FIG. 7, the computer 600 has a main
processor 700 which is interconnected via bus 710 with 
various storage devices including RAM 720, ROM 722 and 
hard disk 724a, all of which serve as a storage medium on 
which computer programming or data can be stored and 
accessed by the processor 700. The main processor 700 is 
also interconnected via bus 710 with various other devices 
such as the floppy disc drive 726, the CD drive 728 and the 
card reader 729 which are capable of being controlled by 
drive controller 750 to read computer programming or data 
stored on a floppy disc 726a, CD 728a or smart card 729a 
when inserted into the appropriate slot 611, 612 or 613 in the 
unit 610. By accessing the stored computer programming 
the processor 700 is driven to operate in accordance with the 
present invention. 

The processor 700 is also operatively connected to the keyboard 630
and/or mouse 640, via input interface 730. The display monitor 620 is
also interconnected to the processor 700, via display interface 740,
to facilitate the display of information to the user. The network
interface 760 is provided to interconnect the processor 700 to the
network(s) 12 and/or 17 depicted in FIG. 1 and accordingly allow
communications between the computer 600 and other network devices.
Since the computer 600 serves as the central authority 50, 60, the
network interface allows communications with user stations 30-40,
network servers 22-26 and the switch 70.

The inter-operation of the various components of the computers
depicted in FIGS. 6-13 in performing session key distribution, in
accordance with the steps discussed above with reference to FIG. 2,
will now be described. Referring first to FIGS. 6 and 7, a programmed
computer 600 which serves as the central authority processor 50 and
central authority server 60 depicted in FIG. 1. In response to a
request for a crypto-key, the processor 700 is driven by programming
instructions stored on the hard disk 724a to generate a private
crypto-key and public crypto-key for a user as indicated in step 202
of FIG. 2.

The request may be entered on the keyboard 630 or using the mouse 640
of the central authority computer 600 and transmitted to the
processor via input interface 730 and bus 710. Alternatively, the
request may be received from a user station 30-40, server 22-26 or
switch 70 via the network 12. Signals received by the network
interface 760 are transferred to the processor 700 via the bus 710.
As discussed earlier the user request for a crypto-key may include a
user private key portion which is separately selected by or generated
for the user. In such a case, the processor 700 will generate the
private crypto-key using the private key portion provided with the
request.

The processor is next driven by stored programming instructions to
divide the generated private crypto-key into two portions as
indicated in step 204 of FIG. 2. The processor 700 directs the user's
portion of the private crypto-key to the network interface 760 via
bus 710 for transmission over the network 12 to the applicable user
station 30-40, server 22-26 or switch 70 as indicated in step 206 of
FIG. 2. The processor 700 also, in accordance with its programmed
instructions, directs the central authority's portion of the private
crypto-key and the user's public crypto-key to the hard drive 724
which is controlled by the drive controller 750 to store the central
authority's private key portion and the public crypto-key on hard
disk 724a, as indicated in step 208 of FIG. 2.

Turning now to FIGS. 8 and 9, the computer 600' serves as any of the
user stations 30-32 or 34-40 or server 22-26. A command is entered by
a user on the keyboard 630' or using the mouse 640'. The command will
typically be displayed on the monitor 620' and is received by the
processor 700' via the input interface 730' and bus 710'. Responsive
to the command and in accordance with its programming instruction
stored on the hard disk 724a or ROM 722, the processor 700' generates
a request for a session with another system user which is transferred
via bus 710' to the network interface 760' for transmission over the
network 12 as indicated in step 210 of FIG. 2.

Returning to FIGS. 6 and 7, the request is received by the network
interface 760 and transferred to the processor 700 via the bus 710.
The processor in accordance with its stored programming instructions
generates a symmetric session key as indicated in step 212 of FIG. 2.
As noted above, if desired, session keys could be generated in
advance by the processor 700 responsive, for example, to commands
entered on the keyboard 630 or using the mouse 640. In any event, the
processor 700 retrieves from the hard disk 724a the central
authority's portion of the private crypto-keys and the public
crypto-keys of the applicable users who are to participate in the
session. As discussed in the description of FIG. 2, the keys would be
those associated with the users of stations 30 and 32 depicted in
FIG. 1.

The processor 700, in accordance with its stored programming
instructions, and as indicated in step 214, respectively encrypts the
generated session crypto-key with the central authority's portion of
the private crypto-key and associated public crypto-key of each of
the applicable users to form encrypted session keys, each [illegible]
encrypted with the central authority's private key portion and the
public key portion associated with a respective one of the users. The
processor 700 is now driven to direct each of the encrypted keys to
the network interface 760 for transmission via the network 12 to a
respective one of the users.

Referring again to FIGS. 8 and 9, each of the encrypted session keys
is received by the appropriate user station or server. Accordingly a
network interface 760' receives the encrypted session key which is
transmitted via the bus 710' to the processor 700'. The processor
700' is driven by its stored programming instructions to decrypt the
session key as described in step 216 of FIG. 2. More particularly,
the portion of the user's private crypto-key which is maintained by
the user is applied to the encrypted session key to decrypt the
session key. Preferably, the user's private key portion is memorized
by the user and hence would be entered via the keyboard 630' and
transmitted via the input interface 730' and bus 710' to the
processor 700'. The processor may store the private key portion
temporarily on the RAM 720' if desired, although this is not
preferred.

The applicable users now have access to a common session key which
has been securely distributed and can be used to secure
communications between the applicable users. Accordingly, a message
can now be entered, for example using keyboard 630' and reviewed on
the monitor 620'. A command can be entered using the keyboard 630' or
mouse 640' pursuant to which the processor 700' is driven by its
stored programming instructions to encrypt the message, as indicated
in step 220 of FIG. 2, with the session key which is preferably
stored by the processor 700' on the RAM 720'. To perform this
encryption, the processor 700' retrieves the key from the RAM 720'
via the bus 710' and applies the session key in the conventional
manner to encrypt the message which has been received via input
interface 730' and bus 710'. The encrypted message is now directed by
the processor 700' through the bus 710' to the network interface 760'
and transmitted via the network 12 to at least one other user. As
described in step 220 of FIG. 2, the encrypted message is received by
the network interface 760' of another user's station and directed to
the processor 700' over the bus 710'. The processor 700' now
retrieves the session key stored on its RAM 720' and applies the
session key in the conventional manner to decrypt the message as
discussed in step 222 of FIG. 2.

The operation of the computers depicted in FIGS. 6-9 in accordance
with their respective stored programmed instructions will now be
described in the context of establishing legal wiretaps in accordance
with the steps described in FIG. 3. Referring first to FIGS. 8-9, to
intercept or eavesdrop on communications between users who have been
provided a session key to secure their communications, a wiretap
request is generated by a processor 700' of a user station 30-32 or
34-40 which has not been given access to the session key, as
described in step 302 of FIG. 2. The request will normally be entered
via the keyboard 630', displayed on monitor 620' and sent via input
interface 730' over the bus 710' to the processor 700'. The user's
private key portion will also preferably be entered via the keyboard
630' and similarly forwarded to the processor 700'. The processor
700' in accordance with its stored programmed instructions encrypts
the wiretap request with the user's private key portion which serves
as a first authorized signature on the wiretap request as discussed
in step 304. The encrypted request is sent over the bus 710' to the
network interface 760' which transmits the encrypted request via the
network 12 to another user station which is operated by another user
who must also authorize the request.

The encrypted message is received by the other user station, also
600', via its network interface 760' and forwarded to the processor
700' via the bus 710'. The processor 700' will direct the display
interface 740' to notify this other user of the received request by
some indicator on the monitor 620'. The user of the receiving station
will then input his/her private key portion via the station keyboard
630' if the user is willing to authorize the wiretap. In this case,
the user's private key portion is directed by the input interface
730' over the bus 710' to the processor 700' of that user's computer
600'. The processor 700' is driven by its stored programming
instructions to further encrypt the encrypted message with the
inputted user's private key portion to thereby form the joint
signature on the wiretap request as described in step 306 of FIG. 3.
The jointly signed and encrypted request is now forwarded by the
processor 700' to the network interface 760' for transmission over
the network 12 to the central authority computer 600.

Referring again to FIGS. 6 and 7, the network interface 760 receives
the jointly signed, i.e., jointly encrypted, wiretap request and
directs it over the bus 710 to the processor 700. The processor 700
is driven by its stored programming instructions to retrieve the
central authority portion of each user's private crypto-key and the
public crypto-key associated with each user from the hard disk 724a.
The processor 700 is then driven to apply the retrieved private key
portions and public crypto-keys of both users to decrypt the wiretap
request as indicated in step 308. Accordingly, the central authority
not only has received a request for wiretap, but also has confirmed
that the wiretap request is properly authorized, since it has been
jointly signed by the two required authorities.

The processor 700 is now driven to retrieve the session key which was
distributed as discussed above with reference to FIG. 2 to at least
two users, other than those from whom the wiretap request has been
received, from storage on, for example, the RAM 722. A message is
generated by processor 700 with the session key as discussed in step
310 of FIG. 3. The generated message is encrypted, as described above
in step 312 of FIG. 3, by applying the previously retrieved central
authority private key portions and public key portions of the two
users who had jointly signed the wiretap request to the message. The
encrypted message including the session key is now directed by the
processor 700 to the network interface 760 for transmission via the
network 12 to the users requesting the wiretap.

Referring again to FIGS. 8 and 9, the encrypted session key is first
received by the network interface 760' of one of the wiretap
requestor's stations. The encrypted session key is forwarded from the
network interface 760' to the processor 700'. The processor 700' in
accordance with its stored programmed instructions transmits a signal
which drives the display interface 740' to display a request for the
user to enter his/her private key portion on the monitor 620'. As
indicated previously, alternatively, the user's private key portion
could be temporarily stored on the RAM 720' and retrieved directly by
the processor 700' if so desired. In any event, the user's private
key portion is applied to the encrypted session key to partially
decrypt the session key as indicated in step 314 of FIG. 3. The
processor now directs the network interface 760' to transmit the
partially decrypted session key via the network 12 to the other
signer of the wiretap request.

The other user's request station receives the partially 
decrypted session key via its network interface 760'. The 
station's processor 700' then queries the station user, via a 
signal which drives the display interface 740' to display a 
request on the monitor 620', for his/her private key portion. 
Alternatively, the user's private key portion could have been 
previously temporarily stored on the RAM 720'. In either 
event, the processor 700' is driven by its programmed 
instructions to apply the received user private key portion to 
the partially decrypted session key to fully decrypt the 
session key as indicated in step 316 of FIG. 3. 

Referring again to FIGS. 6 and 7, the processor 700 further generates
a switch instruction for the switch 70 of FIG. 1, as indicated in
step 318 of FIG. 3. The switch instruction is encrypted by the
processor 700 by retrieving the central authority's portion of the
private crypto-key and the public crypto-key of the switch 70 from
the hard disk 724a and applying these to encrypt the switch
instructions, as discussed in connection with step 320 of FIG. 3. The
processor 700 directs the encrypted instruction to be transmitted by
the network interface 760 via the network 12 to the switch 70 of
FIG. 1.

The switch computer 600" is depicted in FIGS. 10 and 11. The
encrypted instruction is received by the network interface 760" and
transmitted via the bus 710" to the processor 700". The processor
700" receives the switch's private key portion which may be either
retrieved from storage on the ROM 722" or hard disk 724a" or entered
by a switch operator via the keyboard 630". As indicated in step 322
of FIG. 3, the processor 700" applies the switch's private key
portion to the received encrypted instruction to decrypt the message,
in accordance with the programming instructions stored, for example,
on the ROM 722". In accordance with the switch instruction, the
switch 70 configures the network 17 such that user communications
encrypted with the session key are intercepted and diverted to the
appropriate wiretap requester, as indicated in step 324 of FIG. 3.

Referring again to FIGS. 8 and 9, the diverted encrypted
communications are received by the user station of the appropriate
wiretap requestor via a network interface 760'. The received
encrypted communication is forwarded via the bus 710' to the
processor 700'. The processor 700' retrieves the session key which
has preferably been stored on RAM 720'. The retrieved session key is
applied in the conventional manner to decrypt the encrypted
communication as indicated in step 326 of FIG. 3.

The operation of the respective computers 600 and 600' 
will be described in performing the steps shown in FIG. 4 in 
implementing privacy enhanced messaging in accordance 
with the present invention. Referring first to FIGS. 8 and 9, 
a user station or server first generates a message responsive 
to commands entered on the keyboard 630' or using mouse 
640' of computer 600' as indicated in step 402 of FIG. 4. A 
hash function is stored on either the ROM 722' or hard disk 
724a'. The hash function is retrieved from storage by the 
processor 700' and applied to the message, as discussed in 
step 404 of FIG. 4, by processor 700' to generate a hash 
message. The hash message is then encrypted, as indicated 
in step 406, with the user's private encryption key portion 
which is preferably entered by the user on the keyboard 630'.
The processor 700', as indicated in step 408 of FIG. 4, also
encrypts the message itself with a session key which has
been previously provided to the user by the central authority
as has been discussed above and is retrieved from temporary
storage on the RAM 720'. The processor 700' next directs the
network interface 760' to transmit the encrypted hash mes-
sage and the encrypted message to the central authority.

Referring again to FIGS. 6 and 7, the transmitted
encrypted messages are received by the network interface
760 and forwarded to the processor 700. The processor 700
retrieves the central authority's private key portion for the
user who originated the message from the hard disk 724a.
Processor 700 then further encrypts the encrypted hash
message with the central authority's private key portion, as
indicated in step 410 of FIG. 4. The processor 700 next
directs the network interface 760 to transmit the further
encrypted hash message and the message encrypted with the
session key to another user having access to the previously
distributed session key, via the network 12.

Referring again to FIGS. 8 and 9, the recipient is repre-
sented by a computer 600'. The transmitted encrypted mes-
sages are received by the network interface 760' and directed
to the processor 700'. The processor 700' then retrieves the
originating user's public crypto-key from, for example,
storage on the hard disk 724a' and the session key from the
RAM 720'. The processor 700' applies the originating user's
public crypto-key to the received encrypted hash message to
decrypt the hash message and the session key to the
encrypted message to decrypt the message, as indicated in
step 412 of FIG. 4.

Message distribution as discussed with reference to FIG.
5 will now be discussed. Referring first to FIGS. 12-13, the
computer 600'" represents a video distributor. The computer
600'" is similar to computer 600' depicted in FIGS. 8-9
except that the hard disk 724a'" or the ROM 722'" stores
symmetric video encryption keys and its programmed
instructions differ in certain respects which are detailed
below. The processor 700'" retrieves a video encryption key
from storage and applies it to a compressed video signal to
encrypt the video as indicated in step 502 in FIG. 5. The
processor 700'" then directs the network interface 760'" to
transmit the encrypted video via the network 12 of FIG. 1 to
the central authority.

Referring now to FIGS. 6 and 7, the encrypted video is
received by the network interface 760 and directed by the
processor 700 to the hard disk 724a for storage, as discussed
in step 504 of FIG. 5.

Referring now to FIGS. 8 and 9, the processor 700' also
generates a request in accordance with commands entered
either using the keyboard 630' or mouse 640', which are
preferably displayed on the monitor 620', requesting to view
of video as discussed in step 506 of FIG. 5. The processor
700' directs the network interface 760' to transmit the request
via the network 12 to the central authority.

Referring again to FIGS. 6 and 7, the transmitted request
is received by the network interface 760 and directed to the
processor 700 of the central authority computer 600. The
processor 700, responsive to the request, generates, in accor-
dance with its stored programming instructions, a session
key as discussed in step 508 of FIG. 5. The processor 700
next retrieves the central authority's portion of the private
crypto-keys and the public crypto-keys for both the
requestor and the video distributor from the hard disk 724a.
These keys are then applied by the processor 700 to encrypt
the session key, as has been discussed previously and as
indicated in step 510. Processor 700 then directs the network
interface 760 to transmit the respectively encrypted session
key to the requestor and the video distributor.

Referring again to FIGS. 12 and 13, the appropriately
encrypted session key is received by the network interface
760'" and directed to the processor 700'". Processor 700'"
retrieves the video distributor's portion of his/her private
crypto-key from the hard disk 724a'", and applies it to the
encrypted session key to decrypt the session key as dis-
cussed in step 512 of FIG. 5. The requester station likewise
decrypts the session key using the requestor's private key
portion. The processor 700'" retrieves the video encryption
key from storage and encrypts it with the session key as
described in step 514 of FIG. 5. Processor 700'" now directs
the network interface 760'" to transmit, via network 12 of
FIG. 1, the encrypted video encryption key to the central
authority.

Referring again to FIGS. 6 and 7, the transmitted
encrypted video encryption key is received by the network
interface 760 and directed to the processor 700. Processor
700 retrieves the encrypted video from the hard disk 724a.
As indicated in step 516 of FIG. 5, the processor 700
retrieves from the hard disk 724a the central authority's
portion of the private crypto-key and the public crypto-key
associated with the requesting user. The processor 700 then
applies these keys to further encrypt the video which has
been previously encrypted with the video encryption key, as
discussed in step 516 of FIG. 5. The processor 700 next
directs the network interface 760 to transmit the further
encrypted video and the encrypted video encryption key via
the network 12 of FIG. 1 to the requesting user.

Referring again to FIGS. 8 and 9, the network interface
760' receives the video encryption key encrypted with the
session key and the further encrypted video. The received
signals are forwarded to the processor 700'. The processor
700' retrieves the session key from the RAM 720' and
applies it to the received encrypted video encryption key to
obtain the video encryption key as discussed in step 518 of
FIG. 5. The processor 700' also applies the requesting user's
private key portion and the video encryption key to the
encrypted video to decrypt the video as indicated in step 520
of FIG. 5. The requesting user's private key portion is
received either from commands entered on the keyboard by
the user, responsive to a notice which the processor 700' has
driven interface 740' to display on the monitor 620', or by
retrieving the requesting user's private key portion which
has been temporarily stored on the RAM 720'. In any event,
the video has now been distributed and is available to the
requesting user for playback on, for example, monitor 620' or
otherwise.

As described above, the present invention provides a
programmed computer and computer programming for auto-
matic identity verification by a central intermediary prior to
any information being exchanged using split private key
public cryptography. Additionally, the described pro-
grammed computer and computer programming ensures that
the users are authorized before a communications session is
established. The programmed computer and computer pro-
gramming facilitate the distribution of session keys, and the
proper authorization and implementation of wire taps. The
described programmed computer and computer program-
ming are fully applicable to privacy enhanced messaging
and are particularly suitable for the secure distribution of
video, data and other messages.

It will also be recognized by those skilled in the art that,
while the invention has been described above in terms of
preferred embodiments it is not limited thereto. Various
features and aspects of the above described invention may
be used individually or jointly. Further, although the inven-
tion has been described in the context of their use in a
particular environment, i.e., the public switched telephone
network, those skilled in the art will recognize that the
present invention can be beneficially utilized in virtually any
environment. Accordingly, the claims set forth below should
be construed in view of the full breadth and spirit of the
invention as disclosed herein.
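
The session key distribution (steps 508 to 512) and the two-stage encryption of the hash message (steps 406 to 412) described above, as an added Python example that is not part of the patent. It assumes textbook RSA without padding, a multiplicative split of the private exponent (d = d_user * d_ca mod phi(N)), SHA-256 as the hash function, and a constructed demo modulus built from two publicly known Mersenne primes; all function names are hypothetical.

```python
import hashlib
import secrets
from math import gcd

# Constructed demo modulus: two publicly known Mersenne primes, so these
# keys are for illustration only and protect nothing.
P, Q = 2**521 - 1, 2**607 - 1
E = 65537                                   # public exponent (assumed value)
N = P * Q
PHI = (P - 1) * (Q - 1)


def generate_split_key(user_bits=64):
    """Return (d_user, d_ca) with E * d_user * d_ca == 1 (mod PHI).

    Assumption: the private exponent is split multiplicatively.
    """
    # Claim 1 limits: at least 56 bits, at most 15% of the modulus length.
    if user_bits < 56 or 100 * user_bits > 15 * N.bit_length():
        raise ValueError("user key portion length outside the claimed range")
    d = pow(E, -1, PHI)                     # full private exponent
    while True:
        # Set the top bit (exact length) and the low bit (PHI is even).
        d_user = secrets.randbits(user_bits) | (1 << (user_bits - 1)) | 1
        if gcd(d_user, PHI) != 1:
            continue                        # not invertible, draw again
        d_ca = d * pow(d_user, -1, PHI) % PHI
        if d_ca.bit_length() > user_bits:   # user portion must be the shorter
            return d_user, d_ca


def ca_wrap_session_key(session_key, d_ca):
    """Steps 508-510: encrypt with the public key combined with d_ca."""
    return pow(session_key, E * d_ca, N)


def user_unwrap_session_key(wrapped, d_user):
    """Step 512: the user applies only the short private key portion."""
    return pow(wrapped, d_user, N)


def hash_message(message):
    """Hash message as an integer below N (SHA-256 is an assumed choice)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def user_encrypt_hash(message, d_user):
    """Step 406: hash message encrypted with the user's key portion."""
    return pow(hash_message(message), d_user, N)


def ca_further_encrypt(partial, d_ca):
    """Step 410: the central authority applies its portion for that user."""
    return pow(partial, d_ca, N)


def recipient_check(message, signature):
    """Step 412: the originator's public key recovers the hash message."""
    return pow(signature, E, N) == hash_message(message)


def demo():
    d_user, d_ca = generate_split_key()
    session_key = secrets.randbits(128)
    wrapped = ca_wrap_session_key(session_key, d_ca)
    message = b"constructed sample message"
    partial = user_encrypt_hash(message, d_user)
    return {
        "user_bits": d_user.bit_length(),
        "modulus_bits": N.bit_length(),
        "session_key_recovered":
            user_unwrap_session_key(wrapped, d_user) == session_key,
        "signature_valid":
            recipient_check(message, ca_further_encrypt(partial, d_ca)),
        # Without the central authority's step the hash does not verify.
        "partial_alone_valid": recipient_check(message, partial),
    }


if __name__ == "__main__":
    print(demo())
```

The last entry of the result shows why the central authority acts as a gate: a hash message encrypted with the user portion alone does not verify under the public crypto-key.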
I claim:

1. An article of manufacture for effecting secure commu- 
nications during a communications session between users in 
a secured communication cryptosystem in which users are
each associated with a public crypto-key and a private 
crypto-key, comprising: 

computer readable storage medium; and 

computer programming stored on said storage medium; 

wherein said stored computer programming is configured 
to be readable from said computer readable storage 
medium by a computer and thereby cause said com- 
puter to operate so as to: 

generate a private crypto-key using a private exponent 
and a modulus N which is a product of a plurality of 
numbers within a set of large prime numbers, the 
modulus N having a bit length; 

divide the generated private crypto-key into a private user 
key portion having a first bit length and a central 
authority key portion having a second bit length, 
wherein the first bit length is smaller than said second 
bit length and is no larger than fifteen percent of the bit 
length of the modulus N but no less than 56 bits; 

direct the private user key portion to only a single user of 
the cryptosystem; and

direct the central authority key portion to only a central 
storage device. 

2. An article of manufacture according to claim 1 wherein
the stored computer programming is configured to be read-
able from said computer readable storage medium by the
computer to thereby cause said computer to operate so as to
divide the generated private crypto-key into a private user
key portion having a first bit length between 56 and 72 bits.

3. An article of manufacture according to claim 1 wherein
the stored computer programming is configured to be read-
able from said computer readable storage medium by the
computer to thereby cause said computer to operate so as to:

generate a public crypto-key using a public exponent and
the modulus N; and

direct the public crypto-key to the control storage device.

4. An article of manufacture according to claim 1, wherein
the stored computer programming is configured to be read-
able from said computer readable storage medium by the
computer to thereby cause said computer to operate so as to:

generate a symmetric session crypto-key;

generate a user session key by encrypting the generated
symmetric session crypto-key with a combination of
the public crypto-key and the central authority key
portion; and

direct the user session key to the user;

wherein the symmetric session key is obtainable by
applying the private user key portion to the user session
key such that the symmetric session key is available to
encrypt and decrypt messages from and to the user.

5. An article of manufacture for effecting secure commu-
nications during a communications session between users in
a secured communication cryptosystem in which users are
each associated with a public crypto-key and a private
crypto-key, said private crypto-key being divided between a
central authority key portion maintained by a central author-
ity and a private user key portion assigned to the user,
comprising:

computer readable storage medium; and

computer programming stored on said storage medium;

wherein said stored computer programming is configured
to be readable from said computer readable storage
medium by a computer and thereby cause said com-
puter to operate so as to:

generate a symmetric session crypto-key;

retrieve from storage the central authority key portion
associated with a first user and the central authority key
portion associated with a second user from storage;

generate a first user session key by encrypting the gen-
erated symmetric session crypto-key with a combina-
tion of the public crypto-key and the retrieved central
authority key portion associated with the first user;

generate a second user session key by encrypting the
generated symmetric session key with a combination of
the public crypto-key and the central authority key
portion associated with the second user;

direct issuance of the first user session key to the first user;
and

direct issuance of the second user session key to the
second user;

wherein the symmetric session crypto-key is obtainable
by applying the private user key portion associated with
the first user to the first user session key and by
applying the private user key portion associated with
the second user to the second user session key so that
a common session crypto-key is available to the first
user and the second user to encrypt and decrypt com-
munications between said users.

6. An article of manufacture according to claim 5, wherein
the stored computer programming is configured to be read-
able from said computer readable storage medium by the
computer to thereby cause said computer to operate so as to:

retrieve from storage the public crypto-key associated
with the first user and the public crypto-key associated
with the second user;

generate the first user session key by encrypting the
generated symmetric session crypto-key with a com-
bination of the retrieved public crypto-key and the
central authority key portion associated with the first
user; and

generate the second user session key by encrypting the
generated symmetric session key with a combination of
the public crypto-key and the central authority key
portion associated with the second user.

7. An article of manufacture for effecting secure commu-
nications during a communications session between users in
a secured communication cryptosystem in which users are
each associated with a public crypto-key and a private
crypto-key, said private crypto-key being divided between a
central authority key portion maintained by a central author-
ity and a private user key portion assigned to the user,
comprising:

computer readable storage medium; and

computer programming stored on said storage medium;

wherein said stored computer programming is configured
to be readable from said computer readable storage
medium by a computer and thereby cause said com-
puter to operate so as to:

decrypt an encrypted first message by applying thereto the
central authority key portion associated with a first user
and the central authority key portion associated with a
second user;

generate a second message;

encrypt the second message with a combination of the
central authority key portion and the public crypto-key 
associated with the first user and the central authority 
key portion and the public crypto-key associated with 
the second user; and 

direct issuance of the encrypted second message to at least 
one of the first and the second users; 

wherein, the second message is obtainable by applying 
thereto the private user key portion associated with the 
first user and the private user key portion associated 
with the second user. 

8. An article of manufacture according to claim 7, wherein 
the stored computer programming is configured to be read- 
able from said computer readable storage medium by the 
computer to thereby cause said computer to operate so as to 
generate the second message so as to include a common 
session encryption key directed to other users. 

9. An article of manufacture according to claim 7, wherein
the stored computer programming is configured to be read- 
able from said computer readable storage medium by the 
computer to thereby cause said computer to operate so as to: 

decrypt the encrypted first message by applying the public 
crypto-key associated with the first user and the public 
crypto-key associated with the second user thereto; and 

encrypt the second message with the public crypto-key 
associated with the first user and the public crypto-key
associated with the second user. 

10. An article of manufacture for effecting secure com- 
munications during a communications session between 
users in a secured communication cryptosystem in which
users are each associated with a public crypto-key and a 
private crypto-key, said private crypto-key being divided 
between a central authority key portion maintained by a 
central authority and a private user key portion assigned to 
the user, comprising: 

computer readable storage medium; and 

computer programming stored on said storage medium; 

wherein said stored computer programming is configured 
to be readable from said computer readable storage 
medium by a computer and thereby cause said com- 
puter to operate so as to: 

encrypt a request for a symmetric session crypto-key by 
applying the private user key portion associated with a 
user to the request; 

direct the encrypted request to the central authority; 

decrypt a symmetric session crypto-key encrypted with a 
combination of the central authority key portion and the 
public crypto-key associated with the user by applying
thereto the private user key portion associated with the 
user to obtain the symmetric session crypto-key; and 

apply the symmetric session crypto-key to encrypt and 
decrypt communications between the user and at least 
one other user. 

11. An article of manufacture according to claim 10, 
wherein the stored computer programming is configured to 
be readable from said computer readable storage medium by 
the computer to thereby cause said computer to operate so as 
to: 

generate a hash message by applying a hash function to a
message to be communicated to the at least one other 
user; 

encrypt the hash message with the symmetric session
crypto-key; and

direct the encrypted hash message to the at least one other
user;

wherein the hash message is obtainable by the at least one
other user by applying the symmetric session crypto- 
key to the encrypted hash message. 

12. A programmed computer for effecting secure commu-
nications during a communications session between users in
a secured communication cryptosystem in which users are
each associated with a public crypto-key and a private
crypto-key, comprising:

a processor configured to generate a private crypto-key
using a private exponent and a modulus N which is a
product of a plurality of numbers within a set of large
prime numbers, to divide the generated private crypto-
key into a private user key portion having a first bit
length and a central authority key portion having a
second bit length, and to direct the private user key
portion to only a single user of the cryptosystem; and

a storage device configured to store the central authority
key portion;

wherein, the modulus N has a bit length, and the first bit
length is smaller than said second bit length and is no
larger than fifteen percent of the bit length of the
modulus N but no less than 56 bits.

13. A programmed computer according to claim 12,
wherein said processor is adapted to divide the generated
private crypto-key into a private user key portion having a
first bit length between 56 and 72 bits.

14. A programmed computer according to claim 12, 
wherein: 

said processor is further configured to generate a public
crypto-key using a public exponent and the modulus N; 
and 

said storage device is further configured to store the 
public crypto-key. 

15. A programmed computer according to claim 12,
wherein:

the processor is further configured to generate a symmet-
ric session crypto-key, to generate a user session key by
encrypting the generated symmetric session crypto-key
with a combination of the public crypto-key and the
central authority key portion associated with the user,
and direct issuance of the user session key to the user;
and

the storage device is further configured to store the
symmetric session crypto-key;

wherein the symmetric session crypto-key is obtainable
by applying the private user key portion associated with
the user to the user session key such that the symmetric
session key is available to encrypt and decrypt mes-
sages from and to the user.

16. A programmed computer for effecting secure commu-
nications during a communications session between users in
a secured communication cryptosystem in which users are
each associated with a public crypto-key and a private
crypto-key, said private crypto-key being divided between a
central authority key portion maintained by a central author-
ity and a private user key portion assigned to the user,
comprising:

a storage device configured to store the central authority
key portion associated with a first user and the central
authority key portion associated with a second user;

a processor configured to generate a symmetric session
crypto-key, to retrieve the central authority key portion
associated with the first user and the central authority
key portion associated with the second user from the
storage device, to generate a first user session key by
encrypting the generated symmetric session crypto-key
with a combination of the public crypto-key and the 
retrieved central authority key portion associated with 
the first user, to generate a second user session key by 
encrypting the generated symmetric session key with a 
combination of the public crypto-key and the retrieved 
central authority key portion associated with the second 
user, to direct the first user session key to the first user, 
and to direct the second user session key to the second 
user; 

wherein the symmetric session crypto-key is obtainable 
by applying the private user key portion associated with 
the first user to the first user session key and by 
applying the private user key portion associated with 
the second user to the second user session key so that 
a common session crypto-key is available to the first 
and the second users to encrypt and decrypt commu- 
nications between said users. 

17. A programmed computer according to claim 16, 
wherein: 

the storage device is further configured to store the public 
encryption key associated with the first user and the 
public encryption key associated with the second user; 
and 

the processor is further configured to retrieve the public 
encryption key associated with the first user and the 
public encryption key associated with the second user 
from the storage device, to generate the first user 
session key by encrypting the generated symmetric 
session crypto-key with a combination of the central 
authority key portion and the retrieved public encryp- 
tion key associated with the first user, and to generate 
the second user session key by encrypting the generated 
symmetric session key with a combination of the 
central authority key portion and the public encryption 
key associated with the second user. 

18. A programmed computer for effecting secure commu- 
nications during a communications session between users in 
a secured communication cryptosystem in which users are 
each associated with a public crypto-key and a private 
crypto-key, said private crypto-key being divided between a 
central authority key portion maintained by a central author- 
ity and a private user key portion assigned to the user, 
comprising: 

a storage device configured to store the central authority
key portion associated with a first user and the central 
authority key portion associated with a second user; 
and 

a processor configured to retrieve from said storage 
device the central authority key portion associated with 
the first user and the central authority key portion 
associated with the second user, to decrypt a first 
message encrypted with a combination of the private 
user key portion of the first user and the private user 
key portion of the second user by applying thereto the 
retrieved central authority key portion associated with 
the first user and the retrieved central authority key 
portion associated with the second user, to generate a 
second message, to encrypt the second message with a 
combination of the public crypto-key and the retrieved 
central authority key portion associated with the first
user and the public crypto-key and the retrieved central
authority key portion associated with the second user,
and to direct the encrypted second message to at least
one of the first and the second users;

wherein, the second message is obtainable by applying
thereto the private user key portion associated with the
first user and the private user key portion associated
with the second user.

19. A programmed computer according to claim 18,
wherein the second message is a common session encryption
key used to secure communications between other users.

20. A programmed computer according to claim 18,
wherein:

the storage device is further configured to store the public
crypto-key portion associated with the first user and the
public crypto-key portion associated with the second
user; and

the processor is further configured to decrypt the first
message by applying the public crypto-key associated
with the first user and the public crypto-key associated
with the second user thereto, and to encrypt the second
message with the public crypto-key associated with the
first user and the public crypto-key associated with the
second user.

21. A programmed computer for effecting secure commu-
nications during a communications session between users in
a secured communication cryptosystem in which users are
each associated with a public crypto-key and a private
crypto-key, said private crypto-key being divided between a
central authority key portion maintained by a central author-
ity and a private user key portion assigned to the user,
comprising:

a processor configured to encrypt a request for a sym-
metric session crypto-key by applying a combination of
the public crypto-key and the central authority key
portion associated with a user to the request, to direct
the encrypted request to the central authority, to decrypt
a symmetric session crypto-key encrypted with the
combination of the public crypto-key and the central
authority key portion associated with the user by apply-
ing thereto the private user key portion associated with
the user to obtain the symmetric session crypto-key,
and to apply the symmetric session crypto-key to
encrypt and decrypt communications between the user
and at least one other user; and

a storage device configured to store the symmetric session
crypto-key.

22. A programmed computer according to claim 21,
wherein:

the processor is further configured to generate a hash
message by applying a hash function to a message to be
communicated to the at least one other user, to encrypt
the hash message with the symmetric session crypto-
key, and to direct the encrypted hash message to the at
least one other user; and

the hash message is obtainable by the at least one other
user by applying the symmetric session crypto-key to
the encrypted hash message.

* * * * *